|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risk Management
We maintain written policies and procedures that outline the Company’s comprehensive information security program (CISP). The Chief Information Security Officer (CISO) has the responsibility for implementation and maintenance of the CISP. In addition to SEC and FINRA regulatory requirements, we leverage established security frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, as guides to continually improve our policies and procedures. In addition, our employees are required to complete a cybersecurity training program each year, which is supplemented with additional awareness efforts, including phishing campaigns and informational notifications.
We employ a variety of security tools and components to monitor, identify and block cybersecurity threats. In the event of a cybersecurity incident, the Company has an incident response team (IRT) whose role is to respond quickly and effectively. The IRT utilizes an incident response plan for the implementation of the its incident response capabilities that provides (i) a definition of “reportable incidents/events”, and (ii) “metrics” for evaluating the IRT’s response capabilities and effectiveness. The checklist is periodically reviewed by the IT Department for lessons learned from both mock and actual incidents, and to assure compliance with most current industry best practices and latest regulatory developments. The incident response plan includes processes through which cybersecurity
incidents are escalated to the Company’s executive officers. To improve preparedness for a cybersecurity incident, we conduct tabletop exercises at least annually. These exercises are conducted by internal personnel.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We maintain written policies and procedures that outline the Company’s comprehensive information security program (CISP). The Chief Information Security Officer (CISO) has the responsibility for implementation and maintenance of the CISP. In addition to SEC and FINRA regulatory requirements, we leverage established security frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, as guides to continually improve our policies and procedures. In addition, our employees are required to complete a cybersecurity training program each year, which is supplemented with additional awareness efforts, including phishing campaigns and informational notifications.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Committee
The mission of the Cyber Security Committee is to be responsible for the cultivation of a corporate culture that recognizes risk awareness and the development of the Company’s cyber security solutions, utilizing thought leadership, technology and systems, and development of applicable policies and procedures. Through its cyber security policy and procedures, the Committee will ensure effective collaboration and coordination between affected departments and staff in identifying and responding to both privacy and cyber security risks and events. The Committee will oversee the development and implementation of an enterprise-wide strategic framework related to the identification and prevention of cyber security threats as an integral part of the Firm’s risk management process, otherwise known as CISP. The Firm’s cyber security framework is intended to be “evolutionary”, requiring (i) periodic reviews, and (ii) testing of systems, that result in changes to Company policy and procedures, as cyber security issues and developments require. The Committee shall be composed of specified members of senior management, department heads and staff, who have been selected based upon their backgrounds and experience involving IT, Risk Management, Operations, Compliance, and Legal. The Committee shall have the discretion to engage and utilize the services of independent vendors, computer service providers (eSP’s) and consultants having expertise in the area of cyber security and IT. The Committee shall determine its meeting agendas and frequency of meetings which shall be reported through minutes prepared by the designated secretary.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cyber Security Committee
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Through its cyber security policy and procedures, the Committee will ensure effective collaboration and coordination between affected departments and staff in identifying and responding to both privacy and cyber security risks and events. The Committee will oversee the development and implementation of an enterprise-wide strategic framework related to the identification and prevention of cyber security threats as an integral part of the Firm’s risk management process, otherwise known as CISP.
|Cybersecurity Risk Role of Management [Text Block]
|
We maintain written policies and procedures that outline the Company’s comprehensive information security program (CISP). The Chief Information Security Officer (CISO) has the responsibility for implementation and maintenance of the CISP. In addition to SEC and FINRA regulatory requirements, we leverage established security frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework, as guides to continually improve our policies and procedures. In addition, our employees are required to complete a cybersecurity training program each year, which is supplemented with additional awareness efforts, including phishing campaigns and informational notifications.
We employ a variety of security tools and components to monitor, identify and block cybersecurity threats. In the event of a cybersecurity incident, the Company has an incident response team (IRT) whose role is to respond quickly and effectively. The IRT utilizes an incident response plan for the implementation of the its incident response capabilities that provides (i) a definition of “reportable incidents/events”, and (ii) “metrics” for evaluating the IRT’s response capabilities and effectiveness. The checklist is periodically reviewed by the IT Department for lessons learned from both mock and actual incidents, and to assure compliance with most current industry best practices and latest regulatory developments. The incident response plan includes processes through which cybersecurity
incidents are escalated to the Company’s executive officers. To improve preparedness for a cybersecurity incident, we conduct tabletop exercises at least annually. These exercises are conducted by internal personnel.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Chief Information Security Officer (CISO)
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The Committee shall be composed of specified members of senior management, department heads and staff, who have been selected based upon their backgrounds and experience involving IT, Risk Management, Operations, Compliance, and Legal. The Committee shall have the discretion to engage and utilize the services of independent vendors, computer service providers (eSP’s) and consultants having expertise in the area of cyber security and IT.
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef